I thought that you could only secure NFS between two OpenBSD stations, as the secure flavour OpenBSD uses is unique (though open) to the OpenBSD implementation. -----Original Message----- From: firstname.lastname@example.org [mailto:email@example.com]On Behalf Of Gregory Steuck Sent: Thursday, September 16, 1999 8:25 AM To: alex Cc: firstname.lastname@example.org Subject: secure NIS and NFS like services (was Re: networking) Am I mistaken thinking that there's no way around nfs brokenness on OpenBSD? AFAIK SecureRPC is necessary to make NFS moderately secure and SecureRPC is not available anywhere but on Solaris. Or can we still use Kerberos to authenticate NFS mounts at least? >>>>> "alex" == alex <email@example.com> writes: alex> There are solutions out there, but nothing seems to be alex> general. Sun has NIS+, but that doesn't do me any good if I alex> want to run OpenBSD and Solaris together. The Coda file alex> system seems to be a lot safer than NFS, but that isn't alex> supported everywhere either. Even IPsec, which protects the alex> link, but doesn't address problems in underlying protocols, alex> doesn't seem to run on solaris. alex> So what I'd like to know is how experienced openbsd security alex> gurus solve these problems, if they solve them at all. Is it alex> possible to secure NFS, at least on the openbsd side? Do they alex> use AFS? Is AFS an expensive solution? And what, if alex> anything, exists for the NIS side of the problem?